Following recommendations from the Norwegian National Cyber Security Center (NCSC), organizations should replace SSL VPN/WebVPN solutions with more secure alternatives, as multiple cyber-attacks have been attributed to vulnerabilities in these products. It has been.
The NCSC officially recommends that customers of SSL VPN/WebVPN products convert to Internet Protocol Security (IPsec) with Internet Key Exchange (IKEv2).
SSL VPN and WebVPN provide secure remote access to networks over the Internet using the SSL/TLS protocol. An "encrypted tunnel" protects the link between your device and the VPN server. IPsec with IKEv2 encrypts and authenticates every packet, using a key that is updated frequently to secure the connection.
Cybersecurity groups acknowledge that IPsec with IKEv2 has its drawbacks, but because it is less forgiving of configuration errors than SSL VPN, moving to IKEv2 will reduce the number of issues related to secure remote access. We believe the attack surface for incidents will be significantly reduced.
The United States and United Kingdom are also among the countries that are recommending the adoption of IPsec over alternative protocols.
VPN alternatives
In situations where IPsec connectivity is not possible, the NCSC recommends switching to 5G broadband. The NCSC also offers a temporary alternative for companies whose VPN solution does not support IPsec with IKEv2 and that need time to plan and execute their transition.
This includes enforcing strict geofencing rules, centrally logging VPN activity, and blocking access from VPNs, Tor exit nodes, and VPS providers.
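The interim controls listed above can be checked against centrally collected VPN logs. The following is an added example, not taken from the article or the NCSC guidance; the country allowlist, address ranges, feed categories and log format are all constructed assumptions.

```python
import ipaddress

# All values below are constructed assumptions for illustration.
ALLOWED_COUNTRIES = {"NO"}                       # geofence allowlist
GEO = {"192.0.2.0/24": "NO", "198.51.100.0/24": "NO",
       "203.0.113.0/24": "US"}                   # stand-in for a GeoIP database
BLOCKED = {"198.51.100.64/26": "tor-exit",       # stand-ins for Tor exit node,
           "203.0.113.128/25": "vps-provider"}   # VPS and VPN provider feeds

# Constructed sample of centrally collected VPN gateway log lines.
SAMPLE_LOG = """\
2024-05-14T08:01:12Z user=alice src=192.0.2.10 event=login
2024-05-14T08:02:40Z user=bob src=203.0.113.20 event=login
2024-05-14T08:03:05Z user=carol src=198.51.100.70 event=login
2024-05-14T08:04:51Z user=dave src=10.9.8.7 event=login
2024-05-14T08:05:33Z user=erin src=not-an-ip event=login
"""

def lookup(ip, table):
    """Return the value of the most specific network in table that contains ip."""
    hits = [(ipaddress.ip_network(net), value) for net, value in table.items()
            if ip in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def evaluate(line):
    """Return (user, decision, reason) for one login line, failing closed."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    user = fields.get("user", "?")
    try:
        ip = ipaddress.ip_address(fields["src"])
    except (KeyError, ValueError):
        return (user, "deny", "unparseable-source")
    category = lookup(ip, BLOCKED)
    if category:                       # blocklist wins even inside the geofence
        return (user, "deny", "blocklist:" + category)
    country = lookup(ip, GEO)
    if country not in ALLOWED_COUNTRIES:
        return (user, "deny", "geofence:" + (country or "unknown"))
    return (user, "allow", "ok")

def review(log):
    """Evaluate every non-empty line of a log export."""
    return [evaluate(line) for line in log.splitlines() if line.strip()]

if __name__ == "__main__":
    for user, decision, reason in review(SAMPLE_LOG):
        print(f"{user:6} {decision:5} {reason}")
```

Sources with no country match and lines with an unparseable address are denied rather than allowed, so a gap in the GeoIP data or a malformed log entry cannot pass the geofence.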
In contrast to IPsec, which is an open standard that most companies follow, SSL VPN has no standard, so network equipment manufacturers each develop their own version of the protocol.
As a result, several vulnerabilities have been discovered over time in SSL VPN solutions from vendors such as Cisco, Fortinet, and SonicWall, and hackers are actively exploiting these to compromise networks.
Nissan external VPN attack
This was abundantly clear when the attackers targeted Nissan's external VPN, brought down several corporate systems, and demanded a ransom. The company claims that none of its systems were encrypted during the attack.
The company worked with independent cybersecurity experts to assess the situation, bring the issue under control, and eliminate the threat. Further investigation revealed that the hacker had accessed a small number of files on local devices, most of which contained business-related information.
Nevertheless, on February 28, the company discovered that the data included certain personal information, primarily relating to former and current NNA [Nissan] employees, including Social Security numbers.
Cybersecurity experts believe the hackers likely obtained identification codes or multi-factor authentication tokens from actual Nissan employees to access Nissan's VPN.
According to Erich Kron, cybersecurity awareness advocate at KnowBe4, focusing on VPNs can often allow malicious attackers to evade detection and bypass a company's many security safeguards.
ⓒ 2024 TECHTIMES.com All rights reserved. Please do not reproduce without permission.